Reducing Kernel Surface Areas for Isolation and Scalability
Author: | Daniel Zahka, Brian Kocoloski, Kate Keahey |
---|---|
Year of publication: | 2019 |
Subject: | 020203 distributed computing; business.industry; Computer science; Quality of service; Distributed computing; 020206 networking & telecommunications; Linux kernel; 02 engineering and technology; computer.software_genre; Monolithic kernel; Software; Kernel (image processing); Virtual machine; Scalability; 0202 electrical engineering, electronic engineering, information engineering; business; computer; System software |
Source: | ICPP |
DOI: | 10.1145/3337821.3337900 |
Description: | Isolation is a desirable property for applications executing in multi-tenant computing systems. On the performance side, hardware resource isolation via partitioning mechanisms is commonly applied to achieve QoS, a necessary property for many noise-sensitive parallel workloads. Conversely, on the software side, partitioning is used, usually in the form of virtual machines, to provide secure environments with smaller attack surfaces than those present in shared software stacks. In this paper, we identify a further benefit from isolation, one that is currently less appreciated in most parallel computing settings: isolation of system software stacks, including OS kernels, can lead to significant performance benefits through a reduction in variability. To highlight the existing problem in shared software stacks, we first developed a new systematic approach to measure and characterize latent sources of variability in the Linux kernel. Using this approach, we find that hardware VMs are effective substrates for limiting kernel-level interference that otherwise occurs in monolithic kernel systems. Furthermore, by enabling reductions in variability, we find that virtualized environments often have superior worst-case performance characteristics than native or containerized environments. Finally, we demonstrate that due to their isolated software contexts, most virtualized applications consistently outperform their bare-metal counterparts when executing on 64 nodes of a multi-tenant, kernel-intensive cloud system. |
Database: | OpenAIRE |